<?php  
// Session starten 
session_start (); 

// Datenbankverbindung aufbauen  
include "sql.php";

/* Verbindung zur Datenbank aufbauen */
$db = @mysql_connect($db_host,$db_user,$db_pass) or die(mysql_error());
@mysql_select_db($datab,$db) or die(mysql_error());


$sql = "SELECT ". 
    "t_user.anmeldename, t_user.vorname, t_user.name, t_user.id ".
  "FROM ".
    "t_user ".
  "WHERE ".
    "t_user.anmeldename like '".$_REQUEST['anmeldung']."' AND ".
    "t_user.passwort = '".md5 ($_REQUEST['pwd'])."'";  

$sql2 = "SELECT saison from t_einstellungen";

$result = mysql_query($sql);  
$result2 = mysql_query($sql2);  

if (mysql_num_rows ($result) > 0)  
{  
  // Benutzerdaten in ein Array auslesen.  
  $data = mysql_fetch_array ($result); 
  $data2 = mysql_fetch_array ($result2);


  // Sessionvariablen erstellen und registrieren  
  $_SESSION["user_anmeldename"] = $data["anmeldename"];  
  $_SESSION["user_name"] = $data["name"];  
  $_SESSION["user_vorname"] = $data["vorname"];
  $_SESSION["user_id"] = $data["id"];
  $_SESSION["this_saison"] = $data2["saison"];
  
  $sqlrechte = "SELECT bereich ".
  			   "FROM t_userrights ".
			   "WHERE user = '".$_SESSION["user_id"]."'";  
	
  $rechte = mysql_query ($sqlrechte);  
	
  while ($rights = mysql_fetch_row($rechte))
  {
	  if ($rights[0]==0)
	  {
		  $_SESSION["r_admin"] = 1;
	  }
	  if ($rights[0]==1)
	  {
		  $_SESSION["r_topnews"] = 1;
	  }
	  if ($rights[0]==2)
	  {
		  $_SESSION["r_news"] = 1;
	  }
	  if ($rights[0]==3)
	  {
		  $_SESSION["r_1a"] = 1;
	  }
	  if ($rights[0]==4)
	  {
		  $_SESSION["r_1b"] = 1;
	  }
	  if ($rights[0]==5)
	  {
		  $_SESSION["r_alt"] = 1;
	  }
	  if ($rights[0]==6)
	  {
		  $_SESSION["r_jung"] = 1;
	  }
  }
  
  $_SESSION["News"] = "on";
  $_SESSION["Topnews"] = "on";
  $_SESSION["Erste"] = "on";
  $_SESSION["Zweite"] = "on";
  $_SESSION["Alt"] = "on";
  $_SESSION["Jugend"] = "on";
  
  header ("Location: 00_navi_in.php");  
}  
else  
{  
  header ("Location: 00_navi_out.php?fehler=1");  
}  
?>